Posts Tagged ‘Skype’

The web forum 4chan is known mostly as a place to share juvenile and, to put it mildly, politically incorrect images. But it’s also the birthplace of one of the latest attempts to subvert the NSA’s mass surveillance program. When […]

Skype Vulnerability Exposing User IP Addresses
Skype is warning users following the launch of a site devoted to harvesting user IP addresses. The Skype IP-Finder site allowed third parties to see a user’s last known IP address by …

A nasty new piece of malware is now being used in the ongoing conflict in Syria, with the ability to take over an infected computer or steal documents from it.

Computer security firm Trend Micro cited reports that the malware, dubbed DarkComet, is being used against supporters of the Syrian opposition movement.

“The malware used in the attacks reportedly spreads through Skype chats. Once users execute the malware, it connects to a (command and control) server in Syria … which belongs to an IP range assigned to the Syrian Telecommunications Establishment,” Trend Micro said in a blog post.

It noted this could be a response to the opposition’s increasing use of platforms such as Facebook to organize and spread their message.

Other supporters of the regime like the “Syrian Electronic Army” had sought to disrupt the opposition’s activities by defacing websites and spamming Facebook pages.

Trend Micro said DarkComet is considered a widely available Remote Access Trojan (RAT).

It said DarkComet is a full-featured RAT that has the ability to take pictures via webcam, listen in on conversations via a microphone attached to a PC, and gain full control of the infected machine.

“But the features attracting most people using this RAT are the keylogging and file transfer functionality. This way, an attacker can load any files onto the infected machine or even steal documents,” it said.

Removal tool

Trend Micro said DarkComet, created by a coder using the handle DarkCoderSc, is still being developed and version 5 was released last January 15.

“Since the reports of its use in connection with events in Syria, the author of DarkComet has expressed regret and while he will continue developing the RAT, he plans to make a DarkComet detector/remover available to the Syrian people,” Trend Micro said.

Infection via Skype chats

Trend Micro said the malware bearing a Facebook icon was reportedly distributed through Skype chats.

One sample, which Trend Micro detects as BKDR_ZAPCHAST.SG, is DarkComet 5.

But another sample obtained by Trend Micro behaves differently. It involves an initial executable, which Trend Micro detects as BKDR_BREUT.A.

This initial executable drops two executable files, the first of which is displayed to the compromised user as a Mac Address Changer tool.

But that tool appears to be a simple decoy: while it is displayed, the second executable connects to a server and downloads another file.